tristan/kdeconnect-kde
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

certificate handling after 10years

Browse source 
Auto reconfiguration of own certificate:

currently:
if kdeconncectd loads its certificate and its expired or not effective yet
it generates a new certificate

previously:
if kdeconncectd loads its certificate and its expired or not effective yet
it continues having the same certificate
This brings forth an issue: Other devices would refuse to connect to a device with 
an expired or non-effective certificate.


Auto-delete of orphan certificates:

currently:
Devices in kdeconnectd's devicelist that have illegal ssl certificates
(expired, not effective yet, empty) get automatically deleted from the
devicelist


previously:
they would just exist forever until the user deletes them


A year does not have 356 days: 

currently: int a_year_in_seconds = 365 * 24 * 60 * 60;

previously: int a_year_in_seconds = 356 * 24 * 60 * 60;
This commit is contained in:
Adam Liscak 2024-08-26 17:42:08 +00:00 committed by Albert Vaca Cintora
parent 0b0edbc27d
commit a4e6e11dd6
6 changed files with 33 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
core/daemon.cpp
View file

@ -90,7 +90,14 @@ void Daemon::init()
// Read remembered paired devices // Read remembered paired devices
const QStringList &list = KdeConnectConfig::instance().trustedDevices(); const QStringList &list = KdeConnectConfig::instance().trustedDevices();
for (const QString &id : list) { for (const QString &id : list) {
addDevice(new Device(this, id)); Device *d = new Device(this, id);
// prune away devices with malformed certificates
if (d->hasInvalidCertificate()) {
qCDebug(KDECONNECT_CORE) << "Certificate for device " << id << "illegal, deleting the device";
KdeConnectConfig::instance().removeTrustedDevice(id);
} else {
addDevice(d);
}
} }
qCDebug(KDECONNECT_CORE) << "Paired devices added"; qCDebug(KDECONNECT_CORE) << "Paired devices added";

6
core/device.cpp
View file

@ -320,7 +320,11 @@ bool Device::updateDeviceInfo(const DeviceInfo &newDeviceInfo)
return hasChanges; return hasChanges;
} }
bool Device::hasInvalidCertificate()
{
QDateTime now = QDateTime::currentDateTime();
return certificate().isNull() || certificate().effectiveDate() >= now || certificate().expiryDate() <= now;
}
void Device::linkDestroyed(QObject *o) void Device::linkDestroyed(QObject *o)
{ {
removeLink(static_cast<DeviceLink *>(o)); removeLink(static_cast<DeviceLink *>(o));

2
core/device.h
View file

@ -74,6 +74,8 @@ public:
bool updateDeviceInfo(const DeviceInfo &deviceInfo); bool updateDeviceInfo(const DeviceInfo &deviceInfo);
bool hasInvalidCertificate();
PairState pairState() const; PairState pairState() const;
Q_SCRIPTABLE int pairStateAsInt() const; // Hack because qdbus doesn't like enums Q_SCRIPTABLE int pairStateAsInt() const; // Hack because qdbus doesn't like enums
Q_SCRIPTABLE bool isPaired() const; Q_SCRIPTABLE bool isPaired() const;

15
core/kdeconnectconfig.cpp
View file

@ -215,6 +215,12 @@ void KdeConnectConfig::removeTrustedDevice(const QString &deviceId)
// We do not remove the config files. // We do not remove the config files.
} }
void KdeConnectConfig::removeAllTrustedDevices()
{
d->m_trustedDevices->clear();
d->m_trustedDevices->sync();
}
// Utility functions to set and get a value // Utility functions to set and get a value
void KdeConnectConfig::setDeviceProperty(const QString &deviceId, const QString &key, const QString &value) void KdeConnectConfig::setDeviceProperty(const QString &deviceId, const QString &key, const QString &value)
{ {
@ -276,10 +282,18 @@ bool KdeConnectConfig::loadPrivateKey(const QString &keyPath)
bool KdeConnectConfig::loadCertificate(const QString &certPath) bool KdeConnectConfig::loadCertificate(const QString &certPath)
{ {
QFile cert(certPath); QFile cert(certPath);
QDateTime now = QDateTime::currentDateTime();
if (cert.exists() && cert.open(QIODevice::ReadOnly)) { if (cert.exists() && cert.open(QIODevice::ReadOnly)) {
d->m_certificate = QSslCertificate(cert.readAll()); d->m_certificate = QSslCertificate(cert.readAll());
if (d->m_certificate.isNull()) { if (d->m_certificate.isNull()) {
qCWarning(KDECONNECT_CORE) << "Certificate from" << certPath << "is not valid"; qCWarning(KDECONNECT_CORE) << "Certificate from" << certPath << "is not valid";
} else if (d->m_certificate.effectiveDate() >= now) {
qCWarning(KDECONNECT_CORE) << "Certificate from" << certPath << "not yet effective: " << d->m_certificate.effectiveDate();
return true;
} else if (d->m_certificate.expiryDate() <= now) {
qCWarning(KDECONNECT_CORE) << "Certificate from" << certPath << "expired: " << d->m_certificate.expiryDate();
return true;
} }
} }
return d->m_certificate.isNull(); return d->m_certificate.isNull();
@ -294,6 +308,7 @@ void KdeConnectConfig::loadOrGeneratePrivateKeyAndCertificate(const QString &key
generatePrivateKey(keyPath); generatePrivateKey(keyPath);
} }
if (needsToGenerateCert) { if (needsToGenerateCert) {
removeAllTrustedDevices();
generateCertificate(certPath); generateCertificate(certPath);
} }

2
core/kdeconnectconfig.h
View file

@ -77,6 +77,8 @@ private:
void generatePrivateKey(const QString &path); void generatePrivateKey(const QString &path);
void generateCertificate(const QString &path); void generateCertificate(const QString &path);
void removeAllTrustedDevices();
struct KdeConnectConfigPrivate *d; struct KdeConnectConfigPrivate *d;
}; };

2
core/sslhelper.cpp
View file

@ -200,7 +200,7 @@ QSslCertificate generateSelfSignedCertificate(const QSslKey &qtPrivateKey, const
} }
// Set the certificate validity period. // Set the certificate validity period.
int a_year_in_seconds = 356 * 24 * 60 * 60; int a_year_in_seconds = 365 * 24 * 60 * 60;
X509_gmtime_adj(X509_getm_notBefore(x509.get()), -a_year_in_seconds); X509_gmtime_adj(X509_getm_notBefore(x509.get()), -a_year_in_seconds);
X509_gmtime_adj(X509_getm_notAfter(x509.get()), 10 * a_year_in_seconds); X509_gmtime_adj(X509_getm_notAfter(x509.get()), 10 * a_year_in_seconds);